Lucene search

GoogleOSV:GHSA-622W-995C-3C3H

HistoryApr 07, 2023 - 7:22 p.m.

Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

2023-04-0719:22:38

Google

osv.dev

goobi viewer core

cross-site scripting

user comments

vulnerability

fixed

version 23.03

security advisory

email support

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Impact

A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user’s browser when displaying the comment.

Patches

The vulnerability has been fixed in version 23.03

If you have any questions or comments about this advisory:

Email us at [email protected]

References

github.com/intranda/goobi-viewer-core

github.com/intranda/goobi-viewer-core/commit/f0ccde2d469efd9597c3062d00177a63341f2256

github.com/intranda/goobi-viewer-core/security/advisories/GHSA-622w-995c-3c3h

nvd.nist.gov/vuln/detail/CVE-2023-29015

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for OSV:GHSA-622W-995C-3C3H